cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Discuss Dropbox Developer & API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dropbox Extensions opens to all developers!

Dropbox Extensions opens to all developers!

TaylorKrusen
Dropbox Staff

Dropbox Extensions are now open to all developers! It's a feature that can be added to your new or existing apps with Full Dropbox access, and is compatible with Dropbox API v2 and OAuth 2.0 flow. You can read more about Extensions in our developer blog or the Extensions Guide.

We'd love to hear how you're thinking about leveraging Extensions, or any other features you'd like to see in Extensions. Please post your comments and questions below and we look forward to hearing from you :).

5 Replies 5

umalik-pd
Explorer | Level 3

This is great news.

 

However looks like there is a bug that needs fixing.

 

Scenario:

- Consider a Personal App with "Full Dropbox" permission (since thats only where its available as type of writing this) - will call it MyShare

1. User A oauth the app, we got user token - good so far

2. User A goes to DB and select a file from ROOT/FILE.txt and clicks share with MyShare - good so far

3. User A is taken to EXTENSIONURL?file_id... - very good so far

4. "MyShare App" looks up file_id and OOPS, it doesn't have access - very bad

5. Upon investigating it turns out that the "Full Dropbox" scope only has access to "User A's files and folders'

 

Problem

- As an extension I would like for it to work on any file, regardless of it being outsitde "my folder" or my files

-- It would defeat the purpose if extenion works only my files

- Right now I can select other users file, click on share - and it fails as the API doesn't have the ability to download it.

- The user doesn't have access to the folders outside his own folder and it fails with:

{
  "error_summary": "path/not_found/",
  "error": {
    ".tag": "path",
    "path": {
      ".tag": "not_found"
    }
  }
}

- Further more when you make the api call to: https://api.dropboxapi.com/2/files/list_folder, you are chrooted to user's folder and dont have visibility outside. This doesn't seem competable with extensions.

 

Hope this helps and looking forward to a fix/update on this.

 

Thanks

 

Greg-DB
Dropbox Staff

@umalik-pd Thanks for the feedback! In this scenario, it sounds like the "ROOT/" you're referring to is a Business "team space". Apps with Full Dropbox access can actually access files in the team space that the connected user has access to (for which they may have triggered the extensions flow). API calls do default to the user's own member folder as the root though, as you found, so you'd need to configure your API calls when you need to access the team space instead. If you try to access something in the team space without setting the root accordingly, the call will fail. You can find information on how to configure this in the Namespace Guide

 

I'll send this along to the team though as a request to include some way of indicating which root is relevant in the extensions flow.

 

 

umalik-pd
Explorer | Level 3

So one way to achive desired result would to have two apps:

 

- Personal Full Access: so we can get the extensions going

- Team File Access: so we can lookup files passed from share-extension

 

This works, but hope it doesn't change 🙂

 

 

Altough I think it would make sense to have an extension at the team level as well so there is no less confusion (and less apps for a user to install?)

 

Greg-DB
Dropbox Staff

@umalik-pd I'm not sure I understand your comment. You can lookup and access files passed along the extensions flow from a ("personal" or "user-linked") Dropbox API app with Full Dropbox access, even if the file happens to be in the team space. If the file happens to be in the team space, you just need to set the 'Dropbox-API-Path-Root' header accordingly, as covered in the namespace Guide.

 

You don't need a Dropbox Business API app ("team-linked") with the "team member file access" access just to access the team space. You would use this type of app if you needed the ability to connect to any arbitrary member of the team, for instance, or to access other team-specific functionality.

umalik-pd
Explorer | Level 3

I can confirm that I can use Persnal apps to download files. Thanks for your help!

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    umalik-pd Explorer | Level 3
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?